Introduction to ISO27001: Information Security Standard


The International Standards Organisation (ISO) develops standards on a range of subject areas which are adopted by organisations throughout the world. Some, such as ISO 9001 (Quality Management), are well known in the business world, and until recently ISO 27001 (Information Security) was one of the lesser known standards. The introduction of GDPR has thrown ISO 27001 into the spotlight as organisations of all sizes strive to find methods to demonstrate compliance with the new law. As you are no doubt aware, no single standard will ensure compliance with GDPR, as many of the requirements are outwith the scope of any certification or standard. Nevertheless, certifications such as ISO 27001 and Cyber Essentials can go some way to help demonstrate that your company is following best practice, and of course they will help keep your data safe. Many of our IT support customers across Glasgow, Edinburgh and central Scotland have approached us for guidance on whether ISO 27001 or Cyber Essentials is a good fit for their organisation. Red Mosquito are Approved Practitioners of Cyber Essentials, meaning we have been externally assessed and accredited as being able to help organisations implement the standards of Cyber Essentials. We are well placed to advise on which standard best suits the needs of your organisation. Our previous blogs on Cyber Essentials give a good overview of that process; we have outlined some key points on ISO 27001 below, and our consultants are able to provide detailed analysis of which certification would best suit your business needs.


Overview of ISO 27001


This standard was originally developed to:

“provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an information security management system (ISMS)”


It is suitable for organisations in any sector, though it is especially useful for organisations which process high volumes of data or hold information on behalf of other organisations. Certification requires development of an Information Security Management System (ISMS), which is subject to independent third-party verification by a Certifying Body in a two-stage auditing process. Certification lasts for 3 years, although annual surveillance visits by the Certifying Body are required. Embarking on the ISO 27001 journey is a big commitment in terms of time and money, but holding this internationally recognised certification does yield many benefits; it will help you:


  • Improve the security of the information you hold
  • Meet regulatory requirements including GDPR
  • Demonstrate to clients, shareholders and other stakeholders that you have independently audited processes in place to protect information
  • Have a competitive edge in a tendering process


The process of creating the ISMS will improve the security culture and awareness within your organisation as your team creates and formalises a framework of processes to ensure the confidentiality, integrity and availability of the information you hold. The ISMS does have some mandatory documentation requirements and controls that must be addressed (such as incident management, cryptography, etc.). Many organisations appoint a specialist consultant to guide them through the process, while others buy in documentation toolkits or approach the task completely independently. The key areas you are required to address include:


  • Formalising a security policy
  • Determining the scope of the ISMS
  • Completing a risk assessment
  • Identifying how you will manage risks and implementing controls
  • Auditing your processes


How can Red Mosquito help?

Red Mosquito are happy to help any of our customers evaluate whether ISO 27001 or Cyber Essentials certification would be a good move for their organisation. We can help with Cyber Essentials Certification, more info here. Please get in touch with us today if you would like more information on either of these standards.


Red Mosquito provide IT support across Glasgow, Edinburgh and throughout the UK.
